80% of cyber attacks on companies start with an employee. Here are 3 things you can do today to be more secure and protect your organization. And the good news is they won't cost anything!
If you log in to an account with just a username and password, that is single factor authentication: the username only identifies you, and the password, the one factor, is something you know. This means that if someone else knows (steals) your username and password they can log in to your account from anywhere. Multi Factor Authentication (or MFA) adds a second factor - something you have. The most common form of MFA sends a code to your cellphone by text message, or has an authenticator app on the phone generate one. This means even if a bad actor knows your username and password they can't log in to your account because they don't have your physical phone. Text message codes are better than nothing, but a phone number can be hijacked (a "SIM swap"), so where an account offers it, prefer an authenticator app or a physical security key. So the first thing you can do to be more secure is to enable MFA on your accounts.
Here is how to enable MFA for the most common accounts.
Google
Open your Google Account.
In the navigation panel, select Security.
Under “How you sign in to Google,” select Turn on 2-Step Verification.
Follow the on-screen steps.
Microsoft
Sign in to your Microsoft account and open Advanced security options.
Under Additional security and Two-step verification choose Turn on or Turn off.
Follow the instructions shown on the screen.
Apple
Go to account.apple.com and sign in to your Apple Account
Answer your security questions, then tap Continue
Tap Continue when you see a prompt to upgrade account security
Tap Upgrade Account Security and follow the onscreen instructions
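The steps above turn MFA on; this added example (not from the original post) shows why the phone's code is worth anything. It implements the authenticator-app variant, TOTP (RFC 6238): the six-digit code is an HMAC of a secret shared once with the phone and the current 30-second time step, so a stolen username and password give an attacker nothing without the secret, and a code that is captured expires within a minute. The secret is the RFC's published test key, not a real one; the window size and step length are the RFC defaults.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test secret ("12345678901234567890" in ASCII), in the base32 form a
# setup QR code carries. It is shared once between the service and the phone app.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30


def secret_from_b32(b32):
    """Decode the base32 secret that an authenticator app stores."""
    return base64.b32decode(b32)


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, mod 10^digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, at_time, step=STEP_SECONDS, digits=6):
    """RFC 6238: HOTP with the counter set to the current time step."""
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret, code, at_time, window=1, step=STEP_SECONDS):
    """Server-side check. Accepts the current step plus `window` steps either
    side to absorb clock drift; constant-time compare avoids a timing leak."""
    counter = int(at_time // step)
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-window, window + 1)
    )


if __name__ == "__main__":
    secret = secret_from_b32(TEST_SECRET_B32)
    now = time.time()
    code = totp(secret, now)
    print("code valid right now:", code)
    # A code an attacker captured is useless a minute and a half later.
    print("same code accepted 90s later:", verify_totp(secret, code, now + 90))
```

Note that the password never enters the calculation: knowing it, or even knowing an old code, tells the attacker nothing about the next code.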
The second thing is to use long, unique passwords. If a bad actor is trying to access your account, the first thing they will do is try to "guess" your password, using what they can learn about you from social media and public records. They would try:
Your partner, child, or pet's name, possibly followed by a 0 or 1
The last 4 digits of your social security number.
123 or 1234 or 123456.
"password"
Your city, or college, football team name.
Date of birth – yours, your partner's or your child's.
"letmein"
The scary thing is this would get about 20% of passwords!
If that didn't work they would use software to try every possible password, starting with the shortest.
If your password is 8 characters long this would take them about 3 hours.
If your password is 9 characters long this would take them about 12 days.
If your password is 10 characters long this would take them about 3 years.
If your password is 11 characters long this would take them about 279 years.
If your password is 12 characters long this would take them about 26,000 years.
As you can see, every character you add multiplies the work, so the longer your password is the harder it is to figure out. I recommend at least 10 characters, and longer is better: a passphrase of three or four unrelated words is easy to remember and is well past 12 characters. One caveat: these times assume a random mix of letters, numbers and symbols and a particular guessing speed. A password built from a dictionary word, a name or a date falls in seconds no matter how long it is, because the software tries those first.
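To make the two halves of that argument concrete, here is an added example (not from the original post) that checks a password against the obvious first guesses listed above and then computes the exhaustive-search time behind the table. The guessing speed of about 6e11 guesses per second is an assumption chosen because it reproduces the 3-hour figure for 8 characters; the guess list and personal terms are constructed for illustration.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed: the obvious first guesses named in the post. A real attacker's
# list holds millions of leaked passwords, so this is the floor, not the ceiling.
COMMON_GUESSES = {"password", "letmein", "123", "1234", "123456"}


def is_easily_guessed(password, personal_terms=()):
    """True if the password is one of the obvious first guesses: a common
    word, a name or word tied to you (optionally followed by 0 or 1), or an
    all-digit string of the length used by dates or the last 4 of an SSN."""
    p = password.lower()
    if p in COMMON_GUESSES:
        return True
    if p.isdigit() and len(p) in (4, 6, 8):   # 1234, 123190, 12311990
        return True
    for term in personal_terms:
        t = term.lower()
        if p in (t, t + "0", t + "1"):
            return True
    return False


def seconds_to_search(length, charset_size, guesses_per_second):
    """Worst-case time to try every password of this length and alphabet.
    Only meaningful for random passwords; a dictionary word falls in seconds
    regardless of length because it is tried long before the exhaustive search."""
    return charset_size ** length / guesses_per_second


def crack_table(guesses_per_second, charset_size=95, lengths=range(8, 13)):
    """Years to exhaust each length. 95 is the printable ASCII alphabet."""
    return {
        n: seconds_to_search(n, charset_size, guesses_per_second) / SECONDS_PER_YEAR
        for n in lengths
    }


if __name__ == "__main__":
    # Assumption: ~6e11 guesses/s (a GPU rig against a fast hash) reproduces
    # the 3-hour figure for 8 characters given in the post.
    RATE = 6.1e11
    for n, years in crack_table(RATE).items():
        print(f"{n} chars from 95 symbols: {years:14,.4f} years")
    # Alphabet matters as much as length: 10 lowercase letters fall in minutes,
    # but a 20-letter lowercase passphrase is out of reach.
    print("10 lowercase letters:", round(seconds_to_search(10, 26, RATE) / 60, 1), "minutes")
    print("20 lowercase letters:", f"{seconds_to_search(20, 26, RATE) / SECONDS_PER_YEAR:.2e}", "years")
    print("Fluffy1 easily guessed:", is_easily_guessed("Fluffy1", ["Fluffy", "Chicago"]))
```

The table the script prints lands close to the post's numbers (the 11- and 12-character rows come out slightly higher, since the post rounds), and the two extra lines show the trade-off the post's table hides: a short password from a big alphabet and a long passphrase from a small one can differ by many orders of magnitude.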
The other trick bad actors use is called credential stuffing: they get into an unimportant account, like a photo sharing website, or buy a list of passwords leaked from one, and then try that same username and password on a more important website like your bank. This is why it is a good idea to have a unique password for every account. A password manager (many have a free tier) makes that practical, because you only have to remember the one strong password that unlocks it.
The third thing is to learn to spot phishing. The goal of a phishing email is to get you to click on a link, go to a fake website that looks like the real one, and enter your information (usually your username and password).
There are several ways to spot a phishing email but the simplest rule is:
"if in doubt, type it out."
If you get a message asking you to log in to your email to verify your password or to update some information, type out the address of your email provider yourself so you know you are logging in to the legitimate website.
If you get a message asking you to log in to your bank to verify a payment, type out the address of your bank yourself so you know you are logging in to the legitimate website.
If you get a message asking you to log in and e-sign a document for your lawyer, type out the address of the e-signature tool yourself so you know you are logging in to the legitimate website.
The rule still applies once you have MFA turned on: a fake page can ask for your MFA code right after your password and pass it straight to the real site, so the safe move is never to arrive at a login page through a link in a message.
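"Type it out" works because the link in a phishing message rarely goes where its text says. As an added example (not from the original post), here is a small checker that pulls every link out of an email body and flags the tell-tale signs: a host that is not one you trust, visible text that names one site while the href goes to another, and a plain http link. The allowlist, the sample message and the domain rule are constructed for illustration; the domain rule takes the last two labels of a hostname, which is a simplification that a real tool would replace with a public-suffix list.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist: the real sites you would type out yourself.
TRUSTED_DOMAINS = {"examplebank.com", "mail.example.com"}

# Constructed phishing message. The first link's visible text names the bank,
# but the href lands on a different domain; the second link is genuine.
SAMPLE_EMAIL = """
<p>Your payment needs verification. Please sign in at
<a href="http://examplebank.com.secure-verify.net/login">www.examplebank.com</a>
or <a href="https://www.examplebank.com/alerts">view your alerts</a>.</p>
"""


def registrable_domain(host):
    """Last two labels of a hostname. Simplification: ignores multi-part
    public suffixes such as co.uk; use a public-suffix list for real use."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def looks_like_host(text):
    """Visible text such as www.examplebank.com, as opposed to 'click here'."""
    return " " not in text and "." in text


def classify_link(text, href, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link is suspicious (an empty list means none found)."""
    parts = urlsplit(href)
    host = parts.hostname or ""
    reasons = []
    if parts.scheme != "https":
        reasons.append(f"scheme is {(parts.scheme or 'missing')!r}, not https")
    if registrable_domain(host) not in {registrable_domain(t) for t in trusted}:
        reasons.append(f"host {host!r} is not a trusted domain")
    if looks_like_host(text):
        shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
        if registrable_domain(shown) != registrable_domain(host):
            reasons.append(f"text shows {shown!r} but link goes to {host!r}")
    return reasons


def suspicious_links(html, trusted=TRUSTED_DOMAINS):
    """All links in the body that trip at least one check."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for text, href in collector.links:
        reasons = classify_link(text, href, trusted)
        if reasons:
            flagged.append((text, href, reasons))
    return flagged


if __name__ == "__main__":
    for text, href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   ", reason)
```

The first link trips all three checks even though it starts with the bank's name: examplebank.com.secure-verify.net belongs to secure-verify.net, and the browser does not care what the text said. The second link passes, which is the point of the allowlist: the check is "is this one of the few sites I would type out myself", not "does this look plausible".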
Contact us for more ways you can make your organization more secure.